I have updated the HowTo with suggestions 1 & 2 (after checking them, of course...)
Regarding suggestion 3 - I'm not sure I understand it. Isn't that the difference I wrote between "Basic" and "Full" configurations? 2014-03-27 9:15 GMT+02:00 Martin Kosek <[email protected]>: > Thanks! That helps. I have few suggestions that would be great if you test: > > 1) Can we point Redmine to search users directly in the users container? > I.e. cn=users,cn=accounts,dc=example,dc=com instead of just > dc=example,dc=com. > It will narrow down the LDAP search. > > 2) Can you search over LDAPS? Just to make sure that the bind and user > password > do not get in plain text over the wire. > > 3) Does the On-the-fly user creation goes well? In current configuration it > would seem to me that some of the attributes that FreeIPA keeps for each > user > are not utilized. Would something like: > > On-the-fly user creation = yes > Attributes > Login = uid > Firstname = givenName > Lastname = sn > Email = mail > > provide better results in on the fly user creation? > > Martin > > > On 03/26/2014 09:32 PM, צביקה הרמתי wrote: > > Wow. That was much easier that my previous attempt... > > > > Here is the HowTo I wrote: > > http://www.freeipa.org/page/HowTo/Authenticating_Redmine_with_IPA > > > > I'll be glad if you review it. > > > > Regarding Samba, that page looks a bit intimidating... > > > > Thanks for the help. > > > > > > 2014-03-26 14:29 GMT+02:00 Martin Kosek <[email protected]>: > > > >> On 03/26/2014 12:42 PM, צביקה הרמתי wrote: > >>> Thanks for the prompt reply. > >>> I tried to just bind Redmine, and failed; so I assumed that it's not > >>> possible. > >>> Now, with that information, I'm encouraged to try again... > >> > >> According to [1], you should be able to create a system account for > >> redmine in > >> FreeIPA LDAP (example in [2]) and pass the DN to "Account" option and > fill > >> it's > >> password. > >> > >> Then it should be pretty straightforward to configure Redmine to bind > users > >> against FreeIPA LDAP by filling the Base DN and the right user > attributes. > >> > >> BTW as Petr already said, when you make your setup working it would be > >> indeed > >> very welcome and helpful for FreeIPA community if you create a howto on > our > >> wiki [3]. > >> > >> Martin > >> > >> [1] http://www.redmine.org/projects/redmine/wiki/RedmineLDAP > >> [2] ejabberd account creation in > >> > >> > https://www.dalemacartney.com/2012/07/05/configuring-ejabberd-to-authenticate-freeipa-users-using-ldap-group-memberships/ > >> [3] http://www.freeipa.org/page/HowTos > >> > > > >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
